Don’t let your guard down this holiday season. For macOS users, the bad news is that your system is not as immune to cyberattacks as you have been lead to believe. The good news is that Apple has fixed this latest attack, but it took a couple of tries. If you have a macOS High Sierra system you need to ensure you’re running the latest patch
On November 28th, security researchers reported a serious bug in macOS High Sierra that allows anyone to easily take control of any Mac computer. Normally, users are asked for their username and password before logging into their Mac, installing a new application, or changing settings. However, this recent bug allows users to simply type “root” as a username, leave the password field blank, and click “unlock” to gain full access.
This means if hackers have physical access to a machine, not even passwords can stop them from getting inside. They could, for instance, log in with “root,” reset the username and password, and enjoy future access to the machine at any time. They could also install spyware with ease and monitor your activity 24/7 without being detected.
The bug was so alarming that Apple released an emergency patch within a day. But even that fix had problems, and when users installed the next major macOS update, High Sierra 10.13.1, the bug reappeared.
Luckily, Apple was quickly made aware of this secondary problem and rolled out a 10.13.2 update on December 6th to completely resolve the issue.
Your Take Away
The importance of constantly checking for updates and installing them as soon as possible cannot be understated. Hackers are more active than ever and will use any means necessary to breach your network. Updating your software is the best way to reduce the number of exploitable entry points into your business.
To install updates for Apple devices, open the App Store, and click on Updates. All critical updates should be displayed on the window, but if you don’t see the one you’re looking for, use the Search field to find it.
Even though the potentially devastating High Sierra bug has been fixed, you should consider creating a genuine root user password to prevent others from gaining access to your machine just by typing in “root.”
To do this, open Directory Utility, which can be found in the Users & Groups tab in System Preferences. From there, click on Edit and select Enable root user, where you will be prompted to set a password. And last but not least, make sure you set a strong password.
Learn more about Apple security issues by getting in touch our security experts today at 604.986.8170.
Bob Milliken specializes in helping businesses with their IT needs. Our mission is to provide IT strategies, service and support that creates raving fans and builds long term lasting relationships. Bob can be reached at firstname.lastname@example.org.